1444 matches found
CVE-2006-2109
Cross-site scripting (XSS) vulnerability in the parsequerystr function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as...
SQL injection
SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2006-2135
CVE-2006-2135 describes an SQL injection vulnerability in login.php of Ruperts News, exploitable via the username parameter to execute arbitrary SQL commands remotely. According to NVD, this affects web login functionality with a base score of 7.5 (HIGH) and network attack vector with low complex...
CVE-2006-1971
Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2006-1971
CVE-2006-1971 is an XSS vulnerability in KRANKIKOM ContentBoxX, specifically in login.php where the action parameter can be exploited to inject arbitrary script/HTML. The affected component is the login form handling in ContentBoxX, with the root cause described as a cross-site scripting flaw tha...
ContentBoxx - login.php Cross-Site Scripting
ContentBoxx - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17612/info ContentBoxx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in t...
CVE-2006-1779
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter...
CVE-2006-1779
CVE-2006-1779 describes a Cross-site scripting (XSS) vulnerability in Simplog 0.9.2 and earlier, specifically in login.php where the btag parameter can be used to inject arbitrary script/HTML. Affected product: Simplog (Jeremy Ashcraft) <= 0.9.2. Attack vector from the description is a remote ...
CVE-2006-1745
This CVE concerns Bitweaver 1.3 and an input handling flaw in login.php that allows cross-site scripting via the error parameter. The vulnerability is an XSS in a web login page component, with the root cause being improper handling/encoding of user-supplied data in the error parameter. The provi...
CVE-2006-1745
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1683
The CVE-2006-1683 entry describes a SQL injection vulnerability in Chipmunk Guestbook’s admin/login.php that allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. This vulnerability affects Chipmunk Guestbook’s login handling and is documente...
ShopWeezle 2.0 - login.php?itemID SQL Injection
ShopWeezle 2.0 - login.php?itemID SQL Injection source: https://www.securityfocus.com/bid/17441/info ShopWeezle is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) replylog.php; (2) p parameter to j...
Information disclosure
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1643
Interact 2.1.1 is affected by an SQL injection in login.php, exploitable via the user_name parameter to allow remote execution of arbitrary SQL commands. The CVE record confirms this is a SQL injection vulnerability with a CVSS base score of 7.5 (HIGH) and network access with no authentication r...
CVE-2006-1644
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1643
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...
CVE-2006-1644
Interact 2.1.1’s login.php reveals an information-disclosure vulnerability: responses differ for valid vs invalid usernames, enabling remote enumeration of usernames. Affected component is login handling in Interact 2.1.1; root cause is input-based response variance. Impact is partial confidentia...
SQL injection
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php...